Escape scripts in scratchpad
Learn how scratchpad factors into the security posture of your instance and how to manage it so that malicious scripts can't be executed on it.
The scratchpad is an easy way to set information on the server that can be accessed in the browser. An admin can script anything to be on it, including arbitrary data from arbitrary records.
Ensure the property glide.ui.escape_scratchpad is set to true.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.ui.escape_scratchpad |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Boolean |
| Recommended value | true |
| Default value | <none> |
| Fallback value | true |
| Category | Validation, sanitization, and encoding |
| Security risk |
|
| Dependencies and prerequisites | None |
| References | Workflow administration |